Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveRedhatCVE-2013-1916
HistoryJun 24, 2022 - 3:15 p.m.

CVE-2013-1916

2022-06-2415:15:08
CWE-434
redhat
web.nvd.nist.gov
49
5
cve
wordpress
plugin
user photo
vulnerability
nvd

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.033

Percentile

91.4%

JSON

In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved.

Affected configurations

Nvd
Vulners
Node
user_photo_projectuser_photoMatch0.9.4wordpress
VendorProductVersionCPE
user_photo_projectuser_photo0.9.4cpe:2.3:a:user_photo_project:user_photo:0.9.4:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "product": "WordPress Plugin User Photo",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "WordPress Plugin User Photo 0.9.4"
      }
    ]
  }
]

Social References

More

Related

prion 1
nvd 1
cvelist 1
patchstack 1
wpvulndb 1
exploitdb 1
prion
prion
Design/Logic Flaw
2022-06-24 15:15:00
nvd
nvd
CVE-2013-1916
2022-06-24 15:15:08
cvelist
cvelist
CVE-2013-1916
2022-06-24 15:00:17
patchstack
patchstack
WordPress User Photo Component - Remote File Upload
2011-02-17 00:00:00
wpvulndb
wpvulndb
User Photo - Component Remote File Upload
2011-02-17 00:00:00
exploitdb
exploitdb
WordPress Plugin User Photo Component - Arbitrary File Upload
2011-02-17 00:00:00

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.033

Percentile

91.4%

JSON
Related for CVE-2013-1916
prion1nvd1cvelist1patchstack1wpvulndb1exploitdb1